Cyber security is a global issue of growing importance. Cyber espionage can affect technical, military, political and economic interests anywhere. Computer networks face a constantly evolving menace from cyber attacks, viruses, unauthorized probes, scans, and intrusions. Terrorists, criminals, and network hackers are more determined than ever to steal information, cause disorder and destroy networks. Additionally, these individuals have the knowledge, technical skills and determination to carry out their actions, on many occasions with ease. Attacks are no longer direct but are increasingly sophisticated and stealthy. Therefore, the focus in cyber security is increasingly based on the assumption that attackers are inside the network.
In order to protect a network against cyber attacks, the weaknesses of the network to various types of attacks should be understood. One method for discovering such weaknesses is through “Red Teaming.” Red Teaming is a process by which experienced personnel act like an adversary and attempt to access and operate within a network in order to uncover potential weaknesses. Red Teaming simulates real-world attacks against a network and can identify gaps in security practices and controls that are not readily apparent from conducting standard technical tests. Red Teaming can help “Blue Teams” (experienced personnel responsible for defending a network) to determine adequacy of security measures, identify security deficiencies, predict effectiveness of proposed security measures, and confirm adequacy of such measures after implementation. Through Red Teaming, network administrators can uncover weaknesses, implement preventive measures, and/or train personnel to identify indicators of active attacks.
Conventional Red Team testing is a labor-intensive and expertise-driven capability that is expensive and time-consuming to conduct. Additionally, organizations often resist Red Team exercises due to paranoia associated with unforeseen effects such as damage to the network or exposure of sensitive data. Software tools have been developed to automate detection of network vulnerabilities. However, these tools only look at the exposed face of a network to analyze initial penetration vulnerabilities and perimeter defenses.
Accordingly, there is a need for improved network attack analysis tools.